
I do not know how to and I have never really wondered about this question. However, you should approach it like any other computer-related problem. You must simply search and read about it, and read what others have done and written about it. You may need to learn a few languages to be able to read and understand the code that the virus is written in. I am sure that most sites like Symantec will let you in on the exploits of the viruses, and you then simply look into the coding and remove what you feel is damaging and see what happens.

Thinking about the situation, there would be two things I would do before trying anything like this, and they would be:

1. Set up a testing system. This system would be strictly used for testing your files to see if they are truly disinfected.

2. Get a good code editor and look at the coding of the virus. If you know how it is written, you should be able to tear out the damaging parts or delete the whole file altogether.

There are several ways a virus can infect a file. It could append itself or it could just copy over certain parts. If the virus overwrites the original file, you'll need your backups.

First is to identify the virus; this will make life a lot easier. Find out what you can about how the virus infects the file. Then you can think of ways to remove it. You can basically use any language you're comfortable with to write your own remover.

You're off to the deep end if nobody knows the virus. You'll need to have a good understanding of assembly and the C/C++ stack to make sense of it all.

Oliver's Law:
Experience is something you don't get until just after you need it.

I am trying to learn assembly as well, and yesterday I found AV routines, but they are in 16-bit assembly. Could this be a good starting point on this? Maybe convert them to 32-bit and try them out with fingers crossed and a quick prayer?

I somehow don't think assembly is going to help you as an end-user in combatting viruses, unless you really enjoy pain. I mean really. Doing something like reprogramming the virus in reverse in assembly isn't very trivial.

Your better bet is to use backups, a hex editor, and a good knowledge of what the infected file *should* look like.

If it's just a word document, you can grab a ton of the text right out of it and redo the formatting, for instance. If an executable, you're probably screwed without backups or a virus which has merely appended/prepended/inserted itself without overwriting anything.
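
An added example, not part of the original posts: a Python sketch of the backup comparison the thread describes. It classifies how a suspect file differs from a known-good copy (appended, prepended, inserted or overwritten) and confirms a cleaned result against the backup's SHA-256. The function names and sample bytes are constructed for illustration, and it assumes a byte-exact backup of the same file is available.

```python
import hashlib

def classify_change(clean: bytes, suspect: bytes) -> dict:
    """Compare a suspect file with a known-good backup of the same file."""
    limit = min(len(clean), len(suspect))
    p = 0                                   # length of the common prefix
    while p < limit and clean[p] == suspect[p]:
        p += 1
    s = 0                                   # common suffix, not overlapping the prefix
    while s < limit - p and clean[-1 - s] == suspect[-1 - s]:
        s += 1
    added = len(suspect) - len(clean)
    if clean == suspect:
        kind = "identical"
    elif added > 0 and p + s == len(clean):
        # Every original byte survives in order; only foreign bytes were added.
        kind = "appended" if p == len(clean) else "prepended" if p == 0 else "inserted"
    else:
        # Original bytes were changed or lost (this includes a patched header).
        return {"kind": "overwritten", "recoverable": False,
                "extra": (p, len(suspect) - s)}
    return {"kind": kind, "recoverable": True, "extra": (p, p + added)}

def remove_extra(suspect: bytes, report: dict, good_sha256: str) -> bytes:
    """Cut out the foreign byte range and verify the result against the backup hash."""
    if not report["recoverable"]:
        raise ValueError("original bytes were overwritten; restore from backup")
    start, end = report["extra"]
    cleaned = suspect[:start] + suspect[end:]
    if hashlib.sha256(cleaned).hexdigest() != good_sha256:
        raise ValueError("cleaned file does not match the known-good hash")
    return cleaned

# Constructed sample data: stand-ins for a clean file and bytes added to it.
CLEAN = b"MZ constructed sample program image"
EXTRA = b"<<FOREIGN BYTES>>"

if __name__ == "__main__":
    good = hashlib.sha256(CLEAN).hexdigest()
    for suspect in (CLEAN + EXTRA, EXTRA + CLEAN, CLEAN[:5] + EXTRA + CLEAN[5:]):
        report = classify_change(CLEAN, suspect)
        print(report["kind"], report["extra"],
              remove_extra(suspect, report, good) == CLEAN)
```

A real appending infector usually also patches the file header, which this comparison reports as "overwritten"; in that case the backup itself is the fix.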